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In the Claims 

1. (Previously Presented) A method for maintaining computer security 
comprising: 

providing a signature file containing information about known system vulnerabilities; 
at a reverse proxy server residing between at least one client computer and a web 

server: 

receiving an incoming message from the at least one client computer, wherein 
the incoming message, if malicious and upon receipt by the web server, automatically 
causes the web server to perform an action which exploits a vulnerability of the web 
server; 

comparing the received incoming message with the signature file to determine 
whether the incoming message is malicious; and 

if it is determined to be malicious, blocking the incoming message from 
reaching the web server. 

2. (Previously Presented) The method of claim 1, wherein the comparing 
further comprises: 

parsing the incoming message; 

converting the incoming message into an internal structure; 
comparing the converted incoming message with the signature file; and 
determining whether the converted incoming message is malicious based on the 
comparison. 

3. (Previously Presented) The method of claim 2, further comprising 
reassembling the converted incoming message back into its original structure prior to 
forwarding it to the web server if it is determined that the code is not malicious. 

4. (Original) The method of claim 3, further comprising forwarding the 
reassembled message to the web server. 

5. (Previously Presented) The method of claim 1, wherein the signature file 
contains information about known vulnerabilities of a client web server. 



DAL01 : 1036579.1 



ATTORNEY DOCKET NO. 
063170.7003 



3 



PATENT APPLICATION 
USSN 10/826,987 



6. (Original) The method as claimed in claim 1, wherein the signature file is 
made available through a web server. 

7. (Original) The method as claimed in claim 1, further comprising continuously 
updating the signature file. 

8. (Original) The method as claimed in claim 1, further comprising periodically 
downloading the signature file in order to make its copy current. 
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9. (Currently Amended) A system for maintaining computer security 
comprising: 

a signature file containing information about known system vulnerabilities, the 
information not including viral signature patterns; 
a web server; and 

a reverse proxy server residing on a processor controlled device between at least one 
client computer and a web server, the reverse proxy server operable to: 

receive an incoming message from the at least one client computer, wherein 
the incoming message, if malicious and upon receipt by the web server, automatically 
causes the web server to perform an action which exploits a vulnerability of the web 
server; 

compare the received incoming message with the signature file to determine 
whether the incoming message is malicious; and 

if it is determined to be malicious, block the incoming message from reaching 
the web server. 

10. (Previously Presented) The system of claim 9, wherein the proxy machine 
further comprises: 

a Hypertext Transfer Protocol ("HTTP") message parser module for receiving, 
parsing and converting the incoming messages into a defined structure: 

an HTTP message analyzer module for comparing the converted incoming messages 
with the signature file; and 

an HTTP message reassembly module for reassembling the converted incoming 
messages determined not to be malicious into their original structure and forwarding them to 
the web server. 

11. (Previously Presented) The system of claim 9, wherein the signature file 
contains information about known vulnerabilities of the web server. 

12. (Original) The system of claim 9, wherein the signature file is made available 
through a web server. 
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13. (Original) The system of claim 9, wherein the signature file is continuously 
updated. 

14. (Original) The system of claim 9, wherein the proxy machine periodically 
downloads the signature file in order to make its copy current. 

15. (Original) The system of claim 10, wherein the signature file is linked to the 
HTTP message analyzer module. 
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16. (Previously Presented) A tangible computer storage medium including 
computer executable code for maintaining computer security, comprising: 

code for accessing a signature file containing information about known system 
vulnerabilities, the information not including viral signature patterns; 

code for at a hypertext transfer protocol ("HTTP") reverse proxy server residing 
between at least one client computer and a web server: 

receiving an incoming message from the at least one client computer, wherein 

the incoming message, if malicious and upon receipt by the web server, automatically 

causes the web server to perform an action which exploits a vulnerability of the web 

server; 

comparing the received incoming message with the signature file to determine 
whether the incoming message is malicious; and 

if it is determined to be malicious, blocking the incoming message from 
reaching the web server. 

17. (Previously Presented) The computer recording medium of claim 16, further 
comprising: 

code for parsing the incoming message; 

code for converting the incoming message into an internal structure; 
code for comparing the converted incoming message with the signature file; and 
code for determining whether the converted incoming message is malicious based on 
the comparison. 

18. (Previously Presented) The computer recording medium of claim 17, further 
comprising code for reassembling the converted incoming message back into its original 
structure if it is determined that the code is not malicious. 

19. (Original) The computer recording medium of claim 18, further comprising 
code for forwarding the reassembled message to the web server. 

20. (Previously Presented) The computer recording medium of claim 16, wherein 
the signature file contains information about known vulnerabilities of a client web server. 
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21. (Original) The computer recording medium of claim 16, wherein the 
signature file is made available through a web server. 

22. (Original) The computer recording medium of claim 16, further comprising 
code for continuously updating the signature file. 

23. (Original) The computer recording medium of claim 16, further comprising 
code for periodically downloading the signature file in order to make its copy current. 

24. (Previously Presented) The method of claim 1, wherein the incoming 
message comprises a Hypertext Transfer Protocol ("HTTP") message. 

25. (Previously Presented) The system of claim 9, wherein the incoming 
message comprises a Hypertext Transfer Protocol ("HTTP") message. 

26. (Previously Presented)) The computer storage medium of claim 16, wherein 
the incoming message comprises a Hypertext Transfer Protocol ("HTTP") message. 

27. (Currently Amended) The method of claim 1, wherein: 

the information comprises a predefined length of a Universal Resource Locator 
("URL") in a message header; and 

comparing the received incoming message with the signature file to determine 
whether the incoming message is malicious comprises determining whether the incoming 
message is malicious by comparing a length of a URL in a message header of the incoming 
message with the predefined length in the signature file. 
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28. (Currently Amended) The system of claim 9, wherein: 

the information comprises a predefined length of a Universal Resource Locator 
("URL") in a message header; and 

the proxy machine server is operable to compare the received incoming message with 
the signature file by comparing a length of a URL in a message header of the incoming 
message with the predefined length in the signature file. 

29. (Previously Presented) The computer storage medium of claim 16, wherein: 
the information comprises a predefined length of a Universal Resource Locator 

("URL") in a message header; and 

comparing the received incoming message with the signature file comprises 
comparing a length of a URL in a message header of the incoming message with the 
predefined length in the signature file, 

30. (Currently Amended) The method of claim 1, wherein: 

the information comprises a list of known system vulnerabilities; and 
comparing the received incoming message with the signature file to determine 
whether the incoming message is malicious comprises determining whether the incoming 
message is malicious by determining whether one or more characteristics of the incoming 
message satisfy one of the vulnerabilities on the list of known system vulnerabilities. 

wh e rein the viral signature patterns comprise one or more binary patterns associated 
with a virus. 

31. (Previously Presented) The system of claim 9, wherein the viral signature 
patterns comprise one or more binary patterns associated with a virus. 

32. (Previously Presented) The computer storage medium of claim 16, wherein 
the viral signature patterns comprise one or more binary patterns associated with a virus. 
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33. (Previously Presented) The method of Claim 1, wherein the incoming 
message is received from a first client computer; and further comprising: 

if the incoming message is determined to be malicious, identifying the first computer; 

and 

automatically blocking future messages received from the first client computer. 
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34. (Previously Presented) A method for maintaining computer security 
comprising: 

providing a signature file containing information about known system vulnerabilities, 
the information comprising a predefined length of a Universal Resource Locator ("URL") in 
a message header; 

receiving an incoming message from at least one client computer; 

comparing a length of a URL in a message header of the incoming message with the 
predefined length in the signature file to determine whether the incoming message is 
malicious; and 

if the incoming message is determined to be malicious, blocking the incoming 
message from reaching a web server. 



DAL01: 1036579.1 



